Subject: RE: [saml-dev] the value of AuthnInstant
As I said before, I think this is the correct reading of the current core spec (as in other interpretations are wrong).

From the preamble in section 2.7.2:

    The <AuthnStatement> element describes a statement by the SAML authority asserting that the assertion subject was authenticated by a particular means at a particular time.

and the description of AuthnInstant (an attribute of the <AuthnStatement>):

    Specifies the time at which the authentication took place....

I don't think this leaves much to deployment/implementation interpretation.

Conor

> -----Original Message-----
> From: Tom Scavo [mailto:trscavo@gmail.com]
> Sent: Monday, February 11, 2008 4:57 PM
> To: Cahill, Conor P
> Cc: Scott Cantor; SAML Developers
> Subject: Re: [saml-dev] the value of AuthnInstant
>
> That makes total sense, Conor. Your words could be considered errata, I think.
>
> Tom
>
> On Feb 11, 2008 4:20 PM, Cahill, Conor P <conor.p.cahill@intel.com> wrote:
> > Yes, a cookie could be considered some form of authentication. However, if the IdP says in the AC that the user presented username/password, then the AuthnInstant has to be when that took place, not when some session cookie was presented to the IdP.
> >
> > So, yes, if I have an AuthnContext that says "Got a cookie", then the AuthnInstant can match the IssueInstant.
> >
> > Conor
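
What this reading means for a relying party, as an added example that is not part of the original thread: because AuthnInstant is the time of the authentication named in the AuthnContext, not the time a session cookie was presented, a service provider can enforce a maximum authentication age against it. The function name `check_authn_age`, the clock-skew allowance and the sample assertion are assumptions constructed for illustration; signature validation is assumed to have been done before this check.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: password login at 09:00, assertion issued from an
# existing IdP session at 16:20. The signature is assumed already verified;
# a production SP should also parse untrusted XML with a hardened parser.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2008-02-11T16:20:00Z">
  <saml:AuthnStatement AuthnInstant="2008-02-11T09:00:00Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""


def parse_utc(value):
    # SAML time values are UTC xs:dateTime; fractional seconds are optional.
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def check_authn_age(assertion_xml, now, max_age, skew=timedelta(minutes=3)):
    """Return (ok, reason, class_ref) for an already signature-checked assertion."""
    root = ET.fromstring(assertion_xml)
    stmt = root.find("saml:AuthnStatement", NS)
    if stmt is None or "AuthnInstant" not in stmt.attrib:
        return False, "no AuthnStatement/AuthnInstant", None
    class_ref = stmt.findtext(
        "saml:AuthnContext/saml:AuthnContextClassRef", default="", namespaces=NS
    ).strip()
    authn = parse_utc(stmt.attrib["AuthnInstant"])
    issued = parse_utc(root.attrib["IssueInstant"])
    # The authentication cannot have happened after the assertion was issued.
    if authn > issued + skew:
        return False, "AuthnInstant is later than IssueInstant", class_ref
    # Age is measured from AuthnInstant, not IssueInstant: an assertion minted
    # minutes ago from a long-lived session still carries the original login time.
    if now - authn > max_age:
        return False, "authentication too old", class_ref
    return True, "ok", class_ref


if __name__ == "__main__":
    now = datetime(2008, 2, 11, 16, 21, tzinfo=timezone.utc)
    print(check_authn_age(SAMPLE, now, timedelta(hours=1)))
```
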